[asterisk-users] Security - What inbound variables can attackers populate or use when calling?

jwexler at mail.usa.com jwexler at mail.usa.com
Fri Aug 6 01:08:18 CDT 2010

I am setting filters, etc. on variables that attackers can send asterisk
when they call (for example when they initially call into asterisk).

So far, I am filtering:





What other fields or variables would an attacker be able to use in the
packets that they send when placing the call to asterisk?


Further, I am assuming that in the case that an attacker, first, simply
dials in normally and then after reaching voice prompts or other, starts
his/her attack, then all I need to filter in that case is exten. Anything
else here as well?



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20100806/d753a889/attachment.htm 

More information about the asterisk-users mailing list